use FQDN host in certificates
authorColin Leroy <colin@colino.net>
Tue, 12 Nov 2002 12:38:52 +0000 (12:38 +0000)
committerColin Leroy <colin@colino.net>
Tue, 12 Nov 2002 12:38:52 +0000 (12:38 +0000)
ChangeLog.claws
configure.in
src/ssl_certificate.c
src/ssl_certificate.h

index 0e587f6..cd2da29 100644 (file)
@@ -1,3 +1,8 @@
+2002-11-12 [colin]     0.8.5claws131
+
+       * src/ssl_certificate.[ch]
+               Use FQDN hostname
+
 2002-11-12 [colin]     0.8.5claws130
 
        * src/ssl_certificate.[ch]
index 4b7b4f1..dbc1e52 100644 (file)
@@ -11,7 +11,7 @@ MINOR_VERSION=8
 MICRO_VERSION=5
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=claws130
+EXTRA_VERSION=claws131
 VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION
 
 dnl set $target
index 572bb20..1ef0c9f 100644 (file)
 #include "utils.h"
 #include "intl.h"
 #include "prefs_common.h"
+#include "socket.h"
 
 static void ssl_certificate_destroy(SSLCertificate *cert);
 static char *ssl_certificate_check_signer (X509 *cert); 
 
+static char * get_fqdn(char *host)
+{
+       struct hostent *hp;
+       hp = my_gethostbyname(host);
+       if (hp == NULL)
+               return g_strdup(host); /*caller should free*/
+       else 
+               return g_strdup(hp->h_name);
+}
+
 static char * readable_fingerprint(unsigned char *src, int len) 
 {
        int i=0;
@@ -64,9 +75,8 @@ SSLCertificate *ssl_certificate_new(X509 *x509_cert, gchar *host, gushort port)
                ssl_certificate_destroy(cert);
                return NULL;
        }
-
        cert->x509_cert = X509_dup(x509_cert);
-       cert->host = g_strdup(host);
+       cert->host = get_fqdn(host);
        cert->port = port;
        return cert;
 }
@@ -101,7 +111,7 @@ static void ssl_certificate_save (SSLCertificate *cert)
 
 }
 
-static char* ssl_certificate_to_string(SSLCertificate *cert)
+char* ssl_certificate_to_string(SSLCertificate *cert)
 {
        char *ret, buf[100];
        char *issuer_commonname, *issuer_location, *issuer_organization;
@@ -181,33 +191,37 @@ void ssl_certificate_destroy(SSLCertificate *cert)
        cert = NULL;
 }
 
-static SSLCertificate *ssl_certificate_find (gchar *host, gushort port)
+SSLCertificate *ssl_certificate_find (gchar *host, gushort port)
 {
        gchar *file;
        gchar *buf;
+       gchar *fqdn_host;
        SSLCertificate *cert = NULL;
        X509 *tmp_x509;
        FILE *fp;
-       
+
+       fqdn_host = get_fqdn(host);
        buf = g_strdup_printf("%d", port);
        file = g_strconcat(get_rc_dir(), G_DIR_SEPARATOR_S, 
                          "certs", G_DIR_SEPARATOR_S,
-                         host, ".", buf, ".cert", NULL);
+                         fqdn_host, ".", buf, ".cert", NULL);
 
        g_free(buf);
        fp = fopen(file, "r");
        if (fp == NULL) {
                g_free(file);
+               g_free(fqdn_host);
                return NULL;
        }
        
        
        if ((tmp_x509 = d2i_X509_fp(fp, 0)) != NULL) {
-               cert = ssl_certificate_new(tmp_x509, host, port);
+               cert = ssl_certificate_new(tmp_x509, fqdn_host, port);
                X509_free(tmp_x509);
        }
        fclose(fp);
        g_free(file);
+       g_free(fqdn_host);
        
        return cert;
 }
@@ -281,7 +295,7 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port)
                cur_cert_str = ssl_certificate_to_string(current_cert);
                
                err_msg = g_strdup_printf(_("%s presented an unknown SSL certificate:\n%s"),
-                                         host,
+                                         current_cert->host,
                                          cur_cert_str);
                g_free (cur_cert_str);
 
@@ -317,7 +331,7 @@ gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port)
                known_cert_str = ssl_certificate_to_string(known_cert);
                cur_cert_str = ssl_certificate_to_string(current_cert);
                err_msg = g_strdup_printf(_("%s's SSL certificate changed !\nWe have saved this one:\n%s\n\nIt is now:\n%s\n\nThis could mean the server answering is not the known one."),
-                                         host,
+                                         current_cert->host,
                                          known_cert_str,
                                          cur_cert_str);
                g_free (cur_cert_str);
index 9c80d15..6e0c8bc 100644 (file)
@@ -40,6 +40,8 @@ struct _SSLCertificate
 };
 
 gboolean ssl_certificate_check (X509 *x509_cert, gchar *host, gushort port);
+SSLCertificate *ssl_certificate_find (gchar *host, gushort port);
+char* ssl_certificate_to_string(SSLCertificate *cert);
 
 #endif /* USE_SSL */
 #endif /* SSL_CERTIFICATE_H */